API Override — Privacy Policy

Last updated: May 7, 2026

Short version: API Override does not collect, transmit, sell, or share any personal information or browsing data. Everything you configure stays on your device.

1. Who this policy applies to

This privacy policy describes the data practices of the API Override Chrome extension (the "Extension"). It applies to anyone who installs or uses the Extension from the Chrome Web Store.

2. Data the extension does not collect

The Extension does not collect or transmit any of the following:

Personally identifiable information (name, email, account IDs, etc.)
Authentication credentials, cookies, or session tokens
Browsing history or the URLs you visit
The content of any web page, request, or response
Analytics, telemetry, crash reports, or usage statistics
Device identifiers, IP addresses, or location data

There is no remote server. The Extension does not make any network requests of its own.

3. Data the extension stores locally

The Extension uses Chrome's built-in chrome.storage API to save your configuration on your own device. The data stored is limited to:

The list of rules you create (rule type, match patterns, target URLs, parameter names, response bodies, etc.)
Each rule's enabled / disabled state
The master on / off toggle

This data never leaves your browser. Uninstalling the Extension removes it. If you have Chrome sync enabled for extension settings, Chrome itself may sync this data between your own signed-in devices — that synchronization is performed by Google Chrome, not by the Extension.

4. Permissions and why they are used

declarativeNetRequest (and related)

Used to register your Redirect, Replace String, and Query Param rules with Chrome's network engine. The engine matches and rewrites requests inside Chrome — the Extension does not see request bodies or response contents through this API.

storage

Persists your rule list and toggles locally on your device.

debugger

Required only for the Modify Response rule type. In Manifest V3 this is the only API that can substitute a response body. The Extension attaches the debugger only while at least one Modify Response rule is enabled, and only to tabs whose requests match. While attached, Chrome itself displays its standard "this browser is being debugged" notice. The Extension does not log, store, or transmit any intercepted request or response data.

tabs

Used to attach the debugger to the correct tab when a Modify Response rule fires, and to surface match counts in the popup.

host_permissions: <all_urls>

You decide which URLs your rules match. Because the Extension cannot know in advance which hosts you intend to test or debug, it requests access to any URL — but it only acts on requests that match a rule you have created and enabled.

5. Data sharing

Because no data is collected, there is nothing to share. The Extension does not sell, rent, transfer, or disclose any data to third parties. No advertising networks, analytics providers, or tracking services are integrated.

6. Children's privacy

The Extension is a developer tool not directed at children. It does not knowingly collect information from children under 13.

7. Security

All configuration data lives in Chrome's extension storage on your device, protected by your operating system and Chrome user profile. Because nothing is transmitted, there is no transport-layer attack surface introduced by the Extension itself.

8. Changes to this policy

If this policy is updated, the new version will be published at this URL with a revised "Last updated" date above. Material changes will be reflected in the Extension's release notes on the Chrome Web Store.

9. Contact

Questions or concerns about this policy? Email mauricio.neto@objectedge.com.